The University fights phishing proactively and reactively

hands typing on a laptop and red warning symbols and a stylised envelope

Photo: Getty images.

Phishing attacks, which are becoming increasingly frequent, tend to come in waves. But University IT Services deploys well-considered action plans to address these risks and to prevent and minimise damage.

profile photo of Pelle Lindé

Pelle Lindé

Today, most people are familiar with the term phishing (or whaling) via e-mail. The scammer pretends to be someone else and asks for help or tells you that you need to do something to keep your e-mail, storage, etc. by clicking on a link, logging in and confirming your user status or your existence. What they really want, and what they harvest if you do as they instruct, is your username and password.

“These scams are often very well-formulated making them difficult to detect. If you’re at all unsure, you can always contact ITsupport@uu.se for help in deciding whether an e-mail or request is genuine,” says Pelle Lindé, Business Solution Manager at University IT Services.

Some days are quiet on the phishing front. But on other days, many people are affected and the University is forced to block many accounts per day.

“If we look at what other universities, organisations and businesses have suffered and the consequences, it’s easy to see that the risks go well beyond high labour costs and disruptions in IT services. Phishing attacks can involve paying very large ransoms. Having to pay scammers up to hundreds of millions of kronor to get our data and IT services back is certainly not a situation we want to end up in. We want to do everything we can to prevent this at Uppsala University.”

Difficult balance to strike

During the most recent major phishing attack on Uppsala University in the week before the Ascension Day long weekend in May, the challenges were many. With four days off and no staff on site for reactive measures, University IT Services needed to plan for potential serious incidents as well as plan proactive measures carefully in order to minimise the risk of being attacked. In addition, University IT Services needed to try to limit the risks should the University be successfully attacked.

“It was a difficult balance to strike: to avoid unnecessary negative effects on our users while creating the time and capability to react should something major happen. Unfortunately, all measures we put in place have a downside.”

Pelle Lindé explains that University IT Services then decided to move up the warning message that appears in incoming e-mails. The colour of the message was also changed to make it more conspicuous.

“We also set a limit on users. They could send no more than 100 e-mails per day during those days off. That was to give us more time to react if an account was hacked and then used to send out many more phishing e-mails.”

An action chain was also prepared in case staff needed to be ordered in.

“We ensured access to the right people with the right skills and permissions and authority to take action. The results I could compile after that weekend showed that we had done very well in countering scams and reducing risks.”

Mitigating future risks

Staff planning for holiday periods is a major challenge, and this raises the question of what preparations the University has in place for similar attacks in the future, for example heading into the summer holidays.

“Our IT security measures are largely reactive, but automated proactive measures are used where possible. As the IT Solution Manager for Digital Communication, I make decisions on measures for regular weekends, long weekends and holiday periods. At best, we succeed in preventing scams that could have major consequences for the University.”

While some measures may at times make life a little more difficult for the University’s staff, it is worth bearing in mind that the alternatives are likely to be far more trouble and, above all, more expensive.

“We always try to send out information about measures beforehand via the Staff Portal or via IT Support. Sometimes we don’t manage to do this early enough, but if we work together I think we can keep the scammers at bay,” says Pelle Lindé.

 

Johan Ahlenius

Subscribe to the Uppsala University newsletter

FOLLOW UPPSALA UNIVERSITY ON

facebook
instagram
twitter
youtube
linkedin